Book Home

Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z

Index: S

S/Key password program : 10.3.1. One-Time Passwords
sabotage : (see denial of service)
SAGE (System Administrators Guild) : A.5.5. System Administrators Guild (SAGE)
SATAN package
12.2.4. Responding to Probes
B.2.4. SATAN
score keepers : 1.2.2.3. Score Keepers
screend package
6.5. Conventions for Packet Filtering Rules
B.3.1. screend
screened host architecture
4.2.2. Screened Host Architecture
9.2. Screened Host Architecture
screened subnet architecture
4.2.3. Screened Subnet Architecture
9.1. Screened Subnet Architecture
with dual-homed host architecture : 4.3.8. It's OK to Use Dual-Homed Hosts and Screened Subnets
screening routers
4.1.1. Packet Filtering
6. Packet Filtering
(see also packets, filtering)
acceptable addresses for : 6.5. Conventions for Packet Filtering Rules
choosing : 6.8. Choosing a Packet Filtering Router
configuring : 6.2. Configuring a Packet Filtering Router
proxy systems and : 7. Proxy Systems
rules for : 6.5. Conventions for Packet Filtering Rules
where to use : 6.8.8. It Should Have Good Testing and Validation Capabilities
search programs : 2.6. Other Information Services
Secure HTTP : 8.6.4. Secure HTTP
security
1.4. What Is an Internet Firewall?
8.1.1.1. SMTP for UNIX: Sendmail
8.10.4. DNS Security Problems
(see also firewalls)
against system failure : 3.5. Fail-Safe Stance
audit : 5.8.5. Running a Security Audit
of backups : 5.10. Protecting the Machine and Backups
bastion host speed and : 5.3.2. How Fast a Machine?
choke points
9.1.4.3. Choke point
9.2.3.3. Choke point
of commercial authentication systems : 10.4.3. Commercial Solutions
cryptography : 10. Authentication and Inbound Services
default deny stance : 6.2.3. Default Permit Versus Default Deny
default permit stance : 6.2.3. Default Permit Versus Default Deny
defense in depth
9.1.4.2. Defense in depth
9.2.3.2. Defense in depth
designing for network : 1.4.3. Buying Versus Building
diversity of defense
3.7. Diversity of Defense
9.1.4.7. Diversity of defense
9.2.3.7. Diversity of defense
encryption, network-level : 10.5. Network-Level Encryption
fail-safe stance
9.1.4.5. Fail-safe stance
9.2.3.5. Fail-safe stance
host : 1.3.3. Host Security
important of simplicity of : 3.8. Simplicity
incident response teams : (see incident response teams)
incidents : (see incidents)
insecure networks : 4.4.2. Insecure Networks
IRC and : 8.9.2. Internet Relay Chat (IRC)
keeping checksums secure : 13.5.3. Keeping Secured Checksums
lack of : 1.3. How Can You Protect Your Site?
least privilege
9.1.4.1. Least privilege
9.2.3.1. Least privilege
legal responsibilities : 11.2.3. External Factors That Influence Security Policies
of machine : 5.8.1. Securing the Machine
modem pools : 10.6. Terminal Servers and Modem Pools
netacl : 5.8.3.2. Using netacl to protect services
network : (see network)
operating system bugs : 5.8.1.2. Fix all known system bugs
policies for
1.4.1.1. A firewall is a focus for security decisions
11. Security Policies
reviewing : 11.1.1.5. Provision for reviews
of POP : 8.1.2. Post Office Protocol (POP)
practicing drills for : 13.5.7. Doing Drills
protecting the network internally : 4.4. Internal Firewalls
protocol, and proxying : 7.4.3. Protocol Security
regarding HTTP : 8.6.3. HTTP Security Concerns
resources for : A. Resources
responding to incidents : 13. Responding to Security Incidents
reviewing response strategies : 13.4.8. Periodic Review of Plans
SNMP : 8.12.1. Simple Network Management Protocol (SNMP)
strategies for : 3. Security Strategies
TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services
terminal servers : 10.6. Terminal Servers and Modem Pools
through obscurity : 1.3.2. Security Through Obscurity
time information and : 8.13. Network Time Protocol (NTP)
universal participation : 3.6. Universal Participation
weakest link
3.4. Weakest Link
9.1.4.4. Weakest link
9.2.3.4. Weakest link
when proxying is ineffective : 7.8.2. Proxying Won't Secure the Service
when system crashes : 5.10.1. Watch Reboots Carefully
with whois service : 8.8.2. whois
X11 window system mechanisms : 8.16. X11 Window System
Sendmail
2.1. Electronic Mail
3.1. Least Privilege
8.1.1.1. SMTP for UNIX: Sendmail
(see also SMTP)
Morris worm : 8.1. Electronic Mail
servers
Archie, running : 8.7.3.4. Running an Archie server
DNS
for internal hosts : 8.10.5.2. Set up a real DNS server on an internal system for internal hosts to use
setting up fake : 8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use
routed : 5.8.2.4. Which services should you disable?
servers, proxy : (see proxy services)
services host : 9.2. Screened Host Architecture
services, inbound : (see inbound, services)
services, Internet : 2. Internet Services
booting : 5.8.2.4. Which services should you disable?
configuring : 8. Configuring Internet Services
contacting providers about incidents
13.1.4.3. Vendors and service providers
13.4.4.3. Vendors and service providers
default deny stance : 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
default permit stance : 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
direct access to : 7.1.1.1. Proxy services allow users to access Internet services `directly'
disabling those not required : 5.8.2. Disabling Nonrequired Services
filtering by : 6.7. Filtering by Service
information lookup services : 8.8. Information Lookup Services
installing and modifying : 5.8.3. Installing and Modifying Services
LAN-oriented : 5.6. Selecting Services Provided by the Bastion Host
NFS (Network File System) : 5.8.2.4. Which services should you disable?
protecting with TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services
proxying with : 7.4. Using Proxying with Internet Services
"r" commands : 5.8.2.4. Which services should you disable?
real-time conferencing : 8.9. Real-Time Conferencing Services
RPC (Remote Procedure Call) : 5.8.2.4. Which services should you disable?
selecting for bastion host : 5.6. Selecting Services Provided by the Bastion Host
started by /etc/rc : 5.8.2.1. How are services managed?
Telnet : (see Telnet)
services, network management : (see network, management services)
services, proxy : (see proxy services)
services, store-and-forward : 7.5. Proxying Without a Proxy Server
setgid capability : 5.3.1. What Operating System?
setuid capability : 5.3.1. What Operating System?
shell scripts : 5.8.2.1. How are services managed?
shutting down
13.1.2. Disconnect or Shut Down, as Appropriate
13.4.3. Planning for Disconnecting or Shutting Down Machines
Simple Mail Transfer Protocol : (see SMTP)
Simple Network Management Protocol : (see SNMP)
single-purpose routers : 6.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
smap package : 8.1.1.3. Improving SMTP security with smap and smapd
smapd program : 8.1.1.3. Improving SMTP security with smap and smapd
SMTP (Simple Mail Transfer Protocol)
2.1. Electronic Mail
5.6. Selecting Services Provided by the Bastion Host
7.5. Proxying Without a Proxy Server
8.1.1. Simple Mail Transfer Protocol (SMTP)
configuring
firewalls and : 8.1.1.6. Configuring SMTP to work with a firewall
in screened host architecture : 9.2.1.3. SMTP
in screened subnet architecture : 9.1.1.3. SMTP
for UNIX : (see Sendmail)
snapshots, system
13.1.5. Snapshot the System
13.4.5. Planning for Snapshots
sniffing for passwords
1.2.1.3. Information Theft
10.1.2. Packet Sniffing
10.3.1. One-Time Passwords
(see also network, taps)
SNK-004 card, TIS FWTK : 10.3.3. Challenge-Response Schemes
SNMP (Simple Network Management Protocol) : 2.10. Network Management Services
configuring : 8.12.1. Simple Network Management Protocol (SNMP)
snuffle program : 5.8.2.2. How to disable services
sockets : C.12.3. Sockets
SOCKS package
4.1.2. Proxy Services
7.6. Using SOCKS for Proxying
B.4.2. SOCKS
(see also proxy services)
functions : 7.6. Using SOCKS for Proxying
HTTP proxying on
in screened subnet architecture : 9.1.1.5. HTTP
modified finger service : 8.8.1.2. Proxying characteristics of finger
software
to automatically monitor the system : 5.9.2. Consider Writing Software to Automate Monitoring
installing on machine : 5.8.4. Reconfiguring for Production
proxying
4.1.2. Proxy Services
7.1.2.1. Proxy services lag behind nonproxied services
7.2. How Proxying Works
(see also proxy services)
router : (see routers)
viruses and : 1.4.2.4. A firewall can't protect against viruses
source address
filtering by : 6.6.1. Risks of Filtering by Source Address
forgery : 6.6.1. Risks of Filtering by Source Address
source port, filtering by : 6.7.4. Risks of Filtering by Source Port
source routing
5.8.2.5. Turning off routing
6.3.2.1. IP options
speed, processing : 5.3.2. How Fast a Machine?
spell command, UNIX : 5.8.5.3. About checksums for auditing
spies : 1.2.2.4. Spies (Industrial and Otherwise)
startup scripts : 5.8.2.1. How are services managed?
store-and-forward services : 7.5. Proxying Without a Proxy Server
subnet architecture, screened
4.2.3. Screened Subnet Architecture
9.1. Screened Subnet Architecture
subnets : C.9.2. Subnets
Sun RPC : (see RPC)
supporting Internet services : (see services, Internet)
SWATCH program
5.9.2. Consider Writing Software to Automate Monitoring
B.6.4. SWATCH
SYN (synchronize sequence numbers) bit : C.6.2. Transmission Control Protocol
syslog : 5.8.1.4. Safeguard the system logs
configuring : 8.11. syslog
example output from : 12.2.2. What Should You Watch For?
SWATCH program with : 5.9.2. Consider Writing Software to Automate Monitoring
system
autonomous : C.10. Internet Routing Architecture
crashes, watching carefully : 5.10.1. Watch Reboots Carefully
customized : 13.1.6. Restore and Recover
defense, diversity of : 3.7. Diversity of Defense
documenting after incident
13.1.5. Snapshot the System
13.4.5. Planning for Snapshots
failure of : 3.5. Fail-Safe Stance
keeping up-to-date : 12.3.2. Keeping Your Systems Up To Date
labeling and diagramming : 13.5.2. Labeling and Diagraming Your System
logging activity : (see logs)
monitoring
5.9.2. Consider Writing Software to Automate Monitoring
12.2. Monitoring Your System
operating, testing reload of : 13.5.6. Testing the Reload of the Operating System
rebuilding : 13.1.6. Restore and Recover
restoring after incident : 13.1.6. Restore and Recover
planning for : 13.4.6. Planning for Restoration and Recovery
shutting down : 13.1.2. Disconnect or Shut Down, as Appropriate
System Dynamics cards : 10.3.2. Time-based Passwords


Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z

Copyright © 1999 O'Reilly & Associates, Inc. All Rights Reserved.